Hello all.
We use CentOS 7 ,FreeIPA 4.4, Apache 2.4
We installed audit system like http://www.freeipa.org/page/Centralized_Logging
for monitoring "Who's What's Doing".
Audit system parsing /var/log/httpd/error_log and logging to Elasticsearch.
Some string for Remove user from group in FreeIPA from
/var/log/httpd/error_log:
[Wed Feb 15 03:46:07.381231 2017] [:error] [pid 31732] ipa: INFO:
admin-u...@domain.com: batch: group_remove_member(u'somegroup',
user=u'someuser'): SUCCESS
Parsed string loaded in Elasticsearch:
{
"_index": "logstash-2017.02.15",
"_type": "events",
"_id": "Uniq-ID",
"_score": null,
"_source": {
"timestamp": "2017-02-15T03:46:08-06:00",
"status": "SUCCESS",
"parameters": "'u'somegroup', user=u'someuser'",
"action": "group_remove_member",
"principal": "admin-u...@domain.com",
"pid": "31732",
"event.tags": [
"ipa",
"ipa-call",
"batch"
],
"host": "server-1",
"facility": "local0",
"severity": "notice",
"tag": "httpderror",
"message": " [Wed Feb 15 03:46:07.381231 2017] [:error] [pid 31732] ipa:
INFO: admin-u...@domain.com: batch: group_remove_member(u'somegroup',
user=u'someuser'): SUCCESS"
},
"fields": {
"timestamp": [
1487151968000
]
},
"sort": [
1487151968000
]
}
But we need add IP-address of admin-u...@domain.com outputting to error_log.
How can add IP-address to this error_log file ?
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
